Concerns Over Vercel’s Claude Plugin? Is It Collecting Prompts and Commands from All Projects?
📰 News Overview
- The Claude Code plugin from Vercel has been found to start telemetry (data collection) in projects that are unrelated to Vercel.
- The consent request for data collection doesn’t come through a native UI; instead, it uses prompt injections into Claude’s system context to ask the AI.
- Contrary to the claim of “anonymous usage data,” full strings of bash commands, including file paths and environment variable names, are being transmitted.
💡 Key Points
- Clever Consent Process: The plugin employs a unique implementation instructing the AI to “ask the user, and based on their responses, execute shell commands to write configuration files.”
- Excessive Data Collection: While sharing prompts is opt-in, sending the entire executed bash command is enabled by default, leaving users without a choice.
- Indiscriminate Project Behavior: The plugin operates across all projects in the installed environment without determining if they are Vercel projects, thus monitoring data indiscriminately.
🦈 Shark’s Eye (Curator’s Perspective)
It’s shocking that the plugin doesn’t present a direct UI, instead injecting commands into Claude’s mind to say, “Make the user say this and execute that behind the scenes.” Users can’t tell if it’s a question from the AI or a directive from the plugin! Plus, sending complete execution commands while claiming it’s “anonymous data” is a bit much. The fact that commands including full paths and environment variables are sent out is a pretty risky move from a security standpoint!
🚀 What’s Next?
As developers push back against the lack of transparency in data collection, Vercel will likely be pressured to implement clearer CLI-based consent confirmations and restrictions limiting operations to Vercel projects only.
💬 Haru Shark’s Takeaway
Just because it’s convenient doesn’t mean you should allow everything! Make sure to check your settings to protect your valuable code and secrets! 🦈🔥
📚 Terminology
-
Prompt Injection: A technique of embedding additional commands within instructions to the AI, causing it to execute unintended behaviors. This plugin is using this to ask questions to users.
-
Telemetry: A system that automatically sends software usage data and operational logs back to the developers.
-
System Context: The domain that defines the “premises” and “roles” for generating AI responses. External plugins can write instructions into this context.